This is what I did. I obtained a certificate from this site:
They provided 3 files:
certificate.crt
private.key
which make perfect sense as replacement for the 2 files provided
by the distribution. I am guessing that I need somehow to append
the 3rd file (ca_bundle.crt) to the first one? In order to raise
its credibility?
TIA
On 10/11/2020 19:17 Raymond Herrera <raymond@forcewise.com> wrote: This is a followup to my thread "Recommended Protocols?". The error message is as follows: dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 I have selected both SSL/TLS and STARTTLS on the Thunderbird side, with identical results. The first question that I have is this. Is there any way to know whether that error messages comes from an attempt to read: (a) The server SSL certificate? (b) The client SSL certificate? Please find attached 2 log files. I am essentially using the distribution files as they come from the box. TIAWhile bit confusing, this actually means the client did not trust the server certificate. Usually because you forgot the chain certs from the cert file. Aki